Description of problem: We can login with RSA1 key, when permition of "authorized_keys" is "644". But we can't login with RSA1 key, when permission of "authorized_keys" is "664". "ssh" run properly ? If "ssh" run properly, why doesn't "ssh" allow to login, when permission of "authorized_keys" is "664" ? We think it's feature. We'd like to know that why "ssh" doesn't allow to login as the feature. Moreover, why is the file(with permission "664") created, when name(ID) of user and name(ID) of group are not equal and ID of user is greater than 99 ? We know that it's feature by "/etc/basrc". We'd like to know that why "/etc/basrc" makes a distinction. Version-Release number of selected component (if applicable): openssh-3.9p1-3 How reproducible: always Steps to Reproduce: 1.# ssh-keygen -N (passphrase) -t rsa1 2.# cd .ssh 3.# cat identity.pub >> authorized_keys 4.# chmod 664 authorized_keys 5.Send RSA1 key(identity) to client. 6.Login with RSA1 key(identity). Actual results: we can't login with RSA1 key, when permission of "authorized_keys" is "664". Expected results: - If "ssh" run properly, We'd like to know that why "ssh" doesn't allow to login as the feature. - We'd like to know that why "/etc/basrc" makes a distinction. Additional info:
Could you tell me status of problem ?
We would like to know the status of problem.
We would like to know that following behavior is ssh's bug or feature. --------------------------------------------- File Name Permition Login(with RSA1 key) authorized_keys 644 OK 664 NG ---------------------------------------------
Yes, in order for RSA authentication to work, the perms on authorized_keys must be 644 (actually the key is that the file isn't group-writeable.) I can't find a defacto reference for you with a quick search, but if you run 'sshd -ddd' you'll see a message stating permission denied.